I'm thinking about shifting my career a little from sys admin/developer to system/network security engineer but, as with most topics, web resources are very broad and it's hard to filter quality ones from the "mob".

I would like to ask You guys about career paths, required skills, good learning resources and any type of tip that You can find?_________________"If you are using Linux as a development platform, do not skip first learning administration and security. It is a foolish programmer indeed who is not master of his or her own computer"

In my former career as a professional hacker (programmer, whatever), I was entirely self-taught in whatever I did at the moment, and I learned by doing. Some book learning was useful, but mostly, it was just doing stuff and getting my hands in the dirt.

I would start by working with and understanding the different security protection models you can implement. The easiest way to do that would be to set up a few virtual machines, and experiment with their setup and configuration, within a virtual network. Then run security-scanners against them. I take it you're familiar with use and administration of hardened gentoo: you should be running that as your main machine, so that you're familiar with it on a day-to-day basis, and always up-to-speed with its administration. Hang out in their IRC channel, and sign up to their mailing-list.

You should definitely know SELinux and pax-utils very well, and understand Linux Security Modules well enough to work on them. Be prepared to do a lot of research, and make sure you understand netiquette.

Once you've got some knowledge about use and administration, start to contribute to a project, firstly just by trying to fix configuration and usage bugs that you find, things that annoy you. Keep up to date with security mailing lists and vulnerability lists like CVE, and try to understand the different attacks that you see, then start thinking how you can patch software before anyone else does, to make it more secure for everyone: that will help you build a reputation.

Beware of the temptation to crack systems: it's a negative path, and won't take you anywhere good in your life.

Personally I have a high regard for grsecurity which is the umbrella project that pax-utils is part of.

If you find IRC or mailing-lists a bit bruising (they can be) just /join #friendly-coders on chat.freenode.net for a sanctuary and somewhere you can ask for further explanation of what those asshats were on about.. ;)

You won't get there overnight, so take it easy and enjoy the journey :-)